liboqs version 0.10.0 release candidate 2

[dstebila]

liboqs version 0.10.0-rc2

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

• oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
• OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
• OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

• C++, via https://github.com/open-quantum-safe/liboqs-cpp
• Go, via https://github.com/open-quantum-safe/liboqs-go
• Java, via https://github.com/open-quantum-safe/liboqs-java
• .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
• Python 3, via https://github.com/open-quantum-safe/liboqs-python
• Rust, via https://github.com/open-quantum-safe/liboqs-rust

Release notes

This is release candidate 2 of version 0.10.0 of liboqs. It was released on March 13, 2024.

This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.

What's New

This release continues from the 0.9.2 release of liboqs.

Key encapsulation mechanisms

• BIKE: Updated portable C implementation to include constant-time fixes from upstream.
• HQC: Updated to NIST Round 4 version.
• ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-786, and ML-KEM-1024.

Digital signature schemes

• Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
• ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.

Other changes

• Improved thread safety.
• Added uninstall support via ninja uninstall
• Documented platforms by support tier in PLATFORMS.md.
• Added support for Zephyr RTOS.
• Improved support for macOS on Apple Silicon.
• Removed support for the "NIST-KAT" DRBG.
• Added extended KAT test programs.

---

Detailed changelog

• PR template update & OpenSSL clarification by @baentsch in PR template update & OpenSSL clarification #1582
• Use CMAKE_USE_PTHREADS_INIT by @zxjtan in Use CMAKE_USE_PTHREADS_INIT #1576
• Add section to CONFIGURE.md link by @iyanmv in Add section to CONFIGURE.md link #1578
• Run copy_from_upstream and test by @baentsch in Run copy_from_upstream and test #1589
• Support several pqclean upstream versions by @baentsch in Support several pqclean upstream versions #1595
• Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in Call Keccak_(X4_)Dispatch with pthread_once #1549
• minor updates by @vsoftco in minor updates #1600
• Pull new HQC implementation from upstream by @SWilson4 in Pull new HQC implementation from upstream #1585
• add uninstall support by @baentsch in add uninstall support #1604
• Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in Ensure generic OQS_OPT_TARGET in weekly CT tests #1618
• update .travis.yml by @bhess in update .travis.yml #1629
• Pull latest Kyber version from upstream by @bhess in Pull latest Kyber version from upstream #1631
• platform support documentation [skip ci] by @baentsch in platform support documentation [skip ci] #1605
• Add support for Zephyr RTOS by @Frauschi in Add support for Zephyr RTOS #1621
• Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. #1636
• Fix BIKE constant-time errors by @SWilson4 in Fix BIKE constant-time errors #1632
• Fix falcon constant time check in Valgrind by @cothan in Fix falcon constant time check in Valgrind #1646
• Correct cmake version requirement by @baentsch in Correct cmake version requirement #1643
• Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in Pull Kyber division fixes from PQ-Crystals into main #1649
• Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream #1659
• Zephyr: fixes for platform support by @Frauschi in Zephyr: fixes for platform support #1658
• Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream #1661
• Riscv zephyr support by @trigpolynom in Riscv zephyr support #1641
• Zephyr: CMake fixes by @Frauschi in Zephyr: CMake fixes #1664
• Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in Clarify that copyright is held by authors and not the project itself [skip ci] #1668
• Make internal API available to (only) test programs by @SWilson4 in Make internal API available to (only) test programs #1667
• Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in Remove reference to old BIKE variants from CONFIGURE.md [skip ci] #1669
• Add a document describing our subproject governance by @dstebila in Add a document describing our subproject governance #1675
• Set the correct compile flag for the memory sanitizer build by @SWilson4 in Set the correct compile flag for the memory sanitizer build #1680
• Test against all 100 KAT values by @SWilson4 in Test against all 100 KAT values #1560
• Update BIKE documentation to exclude x86 by @SWilson4 in Update BIKE documentation to exclude x86 #1679
• find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in find_package(Threads) regardless of BUILD_ONLY_LIB #1653
• Call set_available_cpu_extensions using pthread_once by @zxjtan in Call set_available_cpu_extensions using pthread_once #1671
• Discontinue AppVeyor CI testing by @SWilson4 in Discontinue AppVeyor CI testing #1682
• Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in Run oqs-provider release tests in CI on release candidate branches #1654
• Fix link in GOVERNANCE.md by @Martyrshot in Fix link in GOVERNANCE.md #1686
• Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in Rename weekly runs and skip Falcon-1024 [skip ci] #1684
• Update McEliece suppression files for generic config by @SWilson4 in Update McEliece suppression files for generic config #1677
• Update SPHINCS+ "clean" suppression files by @SWilson4 in Update SPHINCS+ "clean" suppression files #1683
• Update Sphincs+ Markdown documentation from YAML by @SWilson4 in Update Sphincs+ Markdown documentation from YAML #1690
• properly document release support level [skip ci] by @baentsch in properly document release support level [skip ci] #1688
• set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin #1695
• Fix cross compilation and test in CI by @SWilson4 in Fix cross compilation and test in CI #1696
• update brew install instructions to use openssl@3 instead of [email protected] [skip ci] by @Martyrshot in update brew install instructions to use openssl@3 instead of [email protected] [skip ci] #1701
• Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors #1626
• Small fixes after adding ML-* by @bhess in Small fixes after adding ML-* #1702
• Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in Move MacOS CI tests to GitHub Actions; add M1 CI tests #1709
• Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] #1699
• Fix for the Zephyr CI tests by @Frauschi in Fix for the Zephyr CI tests #1714
• remove references to unsupported openssh [skip ci] by @baentsch in remove references to unsupported openssh [skip ci] #1713
• fix documentation generation by @baentsch in fix documentation generation #1715
• Support Falcon PADDED format by @SWilson4 in Support Falcon PADDED format #1710
• Fix for alg_support.cmake by @bhess in Fix for alg_support.cmake #1716
• Fix SPHINCS+ naming in CT tests [skip ci] by @SWilson4 in Fix SPHINCS+ naming in CT tests [skip ci] #1720
• improve algorithm documentation [skip ci] by @baentsch in improve algorithm documentation [skip ci] #1721
• Always build "internal" library as static by @SWilson4 in Always build "internal" library as static #1725

New Contributors

• @zxjtan made their first contribution in Use CMAKE_USE_PTHREADS_INIT #1576
• @iyanmv made their first contribution in Add section to CONFIGURE.md link #1578
• @Frauschi made their first contribution in Add support for Zephyr RTOS #1621
• @cothan made their first contribution in Fix falcon constant time check in Valgrind #1646
• @trigpolynom made their first contribution in Riscv zephyr support #1641

Full Changelog: 0.9.2...0.10.0-rc2

---

This discussion was created from the release liboqs version 0.10.0 release candidate 2.

[vt-alt]

I tested 0.10.0-rc2 and it did not encounter any issues.